OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_error_handler.h" | 5 #include "chrome/browser/ssl/ssl_error_handler.h" |
6 | 6 |
7 #include "base/callback.h" | 7 #include "base/callback.h" |
8 #include "base/macros.h" | 8 #include "base/macros.h" |
9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
(...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
194 // A class to test name mismatch errors. Creates an error handler with a name | 194 // A class to test name mismatch errors. Creates an error handler with a name |
195 // mismatch error. | 195 // mismatch error. |
196 class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness { | 196 class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness { |
197 public: | 197 public: |
198 SSLErrorHandlerNameMismatchTest() : field_trial_list_(nullptr) {} | 198 SSLErrorHandlerNameMismatchTest() : field_trial_list_(nullptr) {} |
199 | 199 |
200 void SetUp() override { | 200 void SetUp() override { |
201 ChromeRenderViewHostTestHarness::SetUp(); | 201 ChromeRenderViewHostTestHarness::SetUp(); |
202 SSLErrorHandler::ResetConfigForTesting(); | 202 SSLErrorHandler::ResetConfigForTesting(); |
203 SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta()); | 203 SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta()); |
204 ssl_info_.cert = | 204 ssl_info_.cert = GetCertificate(); |
205 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
206 ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 205 ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
207 ssl_info_.public_key_hashes.push_back( | 206 ssl_info_.public_key_hashes.push_back( |
208 net::HashValue(kCertPublicKeyHashValue)); | 207 net::HashValue(kCertPublicKeyHashValue)); |
209 | 208 |
210 delegate_ = | 209 delegate_ = |
211 new TestSSLErrorHandlerDelegate(profile(), web_contents(), ssl_info_); | 210 new TestSSLErrorHandlerDelegate(profile(), web_contents(), ssl_info_); |
212 error_handler_.reset(new TestSSLErrorHandler( | 211 error_handler_.reset(new TestSSLErrorHandler( |
213 std::unique_ptr<SSLErrorHandler::Delegate>(delegate_), web_contents(), | 212 std::unique_ptr<SSLErrorHandler::Delegate>(delegate_), web_contents(), |
214 profile(), net::MapCertStatusToNetError(ssl_info_.cert_status), | 213 profile(), net::MapCertStatusToNetError(ssl_info_.cert_status), |
215 ssl_info_, | 214 ssl_info_, |
216 GURL(), // request_url | 215 GURL(), // request_url |
217 base::Callback<void(content::CertificateRequestResultType)>())); | 216 base::Callback<void(content::CertificateRequestResultType)>())); |
218 } | 217 } |
219 | 218 |
219 // Returns a certificate for the test. Virtual to allow derived fixtures to | |
220 // use a certificate with different characteristics. | |
221 virtual scoped_refptr<net::X509Certificate> GetCertificate() { | |
estark
2017/04/04 17:22:07
nit: make protected
elawrence
2017/04/04 19:53:24
I made it private based on usage.
| |
222 return net::ImportCertFromFile(net::GetTestCertsDirectory(), | |
223 "subjectAltName_www_example_com.pem"); | |
224 } | |
225 | |
220 void TearDown() override { | 226 void TearDown() override { |
221 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 227 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
222 error_handler_.reset(nullptr); | 228 error_handler_.reset(nullptr); |
223 SSLErrorHandler::ResetConfigForTesting(); | 229 SSLErrorHandler::ResetConfigForTesting(); |
224 ChromeRenderViewHostTestHarness::TearDown(); | 230 ChromeRenderViewHostTestHarness::TearDown(); |
225 } | 231 } |
226 | 232 |
233 ~SSLErrorHandlerNameMismatchTest() override {} | |
estark
2017/04/04 17:22:07
nit: should go at line 199
elawrence
2017/04/04 19:53:24
Done.
| |
234 | |
227 TestSSLErrorHandler* error_handler() { return error_handler_.get(); } | 235 TestSSLErrorHandler* error_handler() { return error_handler_.get(); } |
228 TestSSLErrorHandlerDelegate* delegate() { return delegate_; } | 236 TestSSLErrorHandlerDelegate* delegate() { return delegate_; } |
229 | 237 |
230 const net::SSLInfo& ssl_info() { return ssl_info_; } | 238 const net::SSLInfo& ssl_info() { return ssl_info_; } |
231 | 239 |
232 private: | 240 private: |
233 net::SSLInfo ssl_info_; | 241 net::SSLInfo ssl_info_; |
234 std::unique_ptr<TestSSLErrorHandler> error_handler_; | 242 std::unique_ptr<TestSSLErrorHandler> error_handler_; |
235 TestSSLErrorHandlerDelegate* delegate_; | 243 TestSSLErrorHandlerDelegate* delegate_; |
236 base::FieldTrialList field_trial_list_; | 244 base::FieldTrialList field_trial_list_; |
237 | 245 |
238 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest); | 246 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest); |
239 }; | 247 }; |
240 | 248 |
249 // A class to test name mismatch errors, where the certificate lacks a | |
250 // SubjectAltName. Creates an error handler with a name mismatch error. | |
251 class SSLErrorHandlerNameMismatchNoSANTest | |
252 : public SSLErrorHandlerNameMismatchTest { | |
253 public: | |
254 SSLErrorHandlerNameMismatchNoSANTest() {} | |
255 | |
256 // Return a certificate that contains no SubjectAltName field. | |
257 scoped_refptr<net::X509Certificate> GetCertificate() override { | |
258 return net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
259 } | |
260 | |
261 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchNoSANTest); | |
262 }; | |
263 | |
241 // A class to test the captive portal certificate list feature. Creates an error | 264 // A class to test the captive portal certificate list feature. Creates an error |
242 // handler with a name mismatch error by default. The error handler can be | 265 // handler with a name mismatch error by default. The error handler can be |
243 // recreated by calling ResetErrorHandler() with an appropriate cert status. | 266 // recreated by calling ResetErrorHandler() with an appropriate cert status. |
244 class SSLErrorHandlerCaptivePortalCertListTest | 267 class SSLErrorHandlerCaptivePortalCertListTest |
245 : public ChromeRenderViewHostTestHarness { | 268 : public ChromeRenderViewHostTestHarness { |
246 public: | 269 public: |
247 SSLErrorHandlerCaptivePortalCertListTest() : field_trial_list_(nullptr) {} | 270 SSLErrorHandlerCaptivePortalCertListTest() : field_trial_list_(nullptr) {} |
248 | 271 |
249 void SetUp() override { | 272 void SetUp() override { |
250 ChromeRenderViewHostTestHarness::SetUp(); | 273 ChromeRenderViewHostTestHarness::SetUp(); |
(...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
568 | 591 |
569 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 592 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
570 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | 593 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
571 | 594 |
572 // Note that the suggested URL check is never completed, so there is no entry | 595 // Note that the suggested URL check is never completed, so there is no entry |
573 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. | 596 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. |
574 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); | 597 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); |
575 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 598 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
576 SSLErrorHandler::HANDLE_ALL, 1); | 599 SSLErrorHandler::HANDLE_ALL, 1); |
577 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 600 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
578 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 601 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
579 histograms.ExpectBucketCount( | 602 histograms.ExpectBucketCount( |
580 SSLErrorHandler::GetHistogramNameForTesting(), | 603 SSLErrorHandler::GetHistogramNameForTesting(), |
581 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 604 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
582 } | 605 } |
583 | 606 |
584 TEST_F(SSLErrorHandlerNameMismatchTest, | 607 TEST_F(SSLErrorHandlerNameMismatchTest, |
585 ShouldNotHandleNameMismatchOnNonOverridableError) { | 608 ShouldNotHandleNameMismatchOnNonOverridableError) { |
586 base::HistogramTester histograms; | 609 base::HistogramTester histograms; |
587 delegate()->set_non_overridable_error(); | 610 delegate()->set_non_overridable_error(); |
588 delegate()->set_suggested_url_exists(); | 611 delegate()->set_suggested_url_exists(); |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
642 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 665 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
643 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | 666 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
644 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | 667 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); |
645 | 668 |
646 // Note that the suggested URL check is never completed, so there is no entry | 669 // Note that the suggested URL check is never completed, so there is no entry |
647 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. | 670 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. |
648 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); | 671 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); |
649 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 672 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
650 SSLErrorHandler::HANDLE_ALL, 1); | 673 SSLErrorHandler::HANDLE_ALL, 1); |
651 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 674 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
652 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 675 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
653 histograms.ExpectBucketCount( | 676 histograms.ExpectBucketCount( |
654 SSLErrorHandler::GetHistogramNameForTesting(), | 677 SSLErrorHandler::GetHistogramNameForTesting(), |
655 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 678 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
656 } | 679 } |
657 | 680 |
658 TEST_F(SSLErrorHandlerNameMismatchTest, | 681 TEST_F(SSLErrorHandlerNameMismatchTest, |
659 ShouldRedirectOnSuggestedUrlCheckResult) { | 682 ShouldRedirectOnSuggestedUrlCheckResult) { |
660 base::HistogramTester histograms; | 683 base::HistogramTester histograms; |
661 delegate()->set_suggested_url_exists(); | 684 delegate()->set_suggested_url_exists(); |
662 error_handler()->StartHandlingError(); | 685 error_handler()->StartHandlingError(); |
(...skipping 11 matching lines...) Expand all Loading... | |
674 GURL("https://random.example.com")); | 697 GURL("https://random.example.com")); |
675 | 698 |
676 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 699 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
677 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); | 700 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); |
678 EXPECT_TRUE(delegate()->redirected_to_suggested_url()); | 701 EXPECT_TRUE(delegate()->redirected_to_suggested_url()); |
679 | 702 |
680 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); | 703 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); |
681 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 704 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
682 SSLErrorHandler::HANDLE_ALL, 1); | 705 SSLErrorHandler::HANDLE_ALL, 1); |
683 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 706 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
684 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 707 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
685 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 708 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
686 SSLErrorHandler::WWW_MISMATCH_URL_AVAILABLE, 1); | 709 SSLErrorHandler::WWW_MISMATCH_URL_AVAILABLE, 1); |
687 } | 710 } |
688 | 711 |
712 // No suggestions should be requested if certificate lacks a SubjectAltName. | |
713 TEST_F(SSLErrorHandlerNameMismatchNoSANTest, | |
714 SSLCommonNameMismatchHandlingRequiresSubjectAltName) { | |
715 base::HistogramTester histograms; | |
716 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | |
717 delegate()->set_suggested_url_exists(); | |
718 error_handler()->StartHandlingError(); | |
719 | |
720 EXPECT_FALSE(delegate()->suggested_url_checked()); | |
721 base::RunLoop().RunUntilIdle(); | |
722 | |
723 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | |
724 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | |
725 | |
726 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); | |
727 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
728 SSLErrorHandler::HANDLE_ALL, 1); | |
729 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
730 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 0); | |
731 histograms.ExpectBucketCount( | |
732 SSLErrorHandler::GetHistogramNameForTesting(), | |
733 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | |
734 } | |
735 | |
689 TEST_F(SSLErrorHandlerNameMismatchTest, | 736 TEST_F(SSLErrorHandlerNameMismatchTest, |
690 ShouldShowSSLInterstitialOnInvalidUrlCheckResult) { | 737 ShouldShowSSLInterstitialOnInvalidUrlCheckResult) { |
691 base::HistogramTester histograms; | 738 base::HistogramTester histograms; |
692 delegate()->set_suggested_url_exists(); | 739 delegate()->set_suggested_url_exists(); |
693 error_handler()->StartHandlingError(); | 740 error_handler()->StartHandlingError(); |
694 | 741 |
695 EXPECT_TRUE(error_handler()->IsTimerRunningForTesting()); | 742 EXPECT_TRUE(error_handler()->IsTimerRunningForTesting()); |
696 EXPECT_TRUE(delegate()->suggested_url_checked()); | 743 EXPECT_TRUE(delegate()->suggested_url_checked()); |
697 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); | 744 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); |
698 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | 745 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); |
699 // Fake an Invalid Suggested URL Check result. | 746 // Fake an Invalid Suggested URL Check result. |
700 delegate()->SendSuggestedUrlCheckResult( | 747 delegate()->SendSuggestedUrlCheckResult( |
701 CommonNameMismatchHandler::SuggestedUrlCheckResult:: | 748 CommonNameMismatchHandler::SuggestedUrlCheckResult:: |
702 SUGGESTED_URL_NOT_AVAILABLE, | 749 SUGGESTED_URL_NOT_AVAILABLE, |
703 GURL()); | 750 GURL()); |
704 | 751 |
705 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 752 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
706 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | 753 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
707 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | 754 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); |
708 | 755 |
709 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 4); | 756 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 4); |
710 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 757 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
711 SSLErrorHandler::HANDLE_ALL, 1); | 758 SSLErrorHandler::HANDLE_ALL, 1); |
712 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 759 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
713 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 760 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
714 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 761 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
715 SSLErrorHandler::WWW_MISMATCH_URL_NOT_AVAILABLE, | 762 SSLErrorHandler::WWW_MISMATCH_URL_NOT_AVAILABLE, |
716 1); | 763 1); |
717 histograms.ExpectBucketCount( | 764 histograms.ExpectBucketCount( |
718 SSLErrorHandler::GetHistogramNameForTesting(), | 765 SSLErrorHandler::GetHistogramNameForTesting(), |
719 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 766 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
720 } | 767 } |
721 | 768 |
722 TEST_F(SSLErrorHandlerDateInvalidTest, TimeQueryStarted) { | 769 TEST_F(SSLErrorHandlerDateInvalidTest, TimeQueryStarted) { |
723 base::HistogramTester histograms; | 770 base::HistogramTester histograms; |
(...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
954 | 1001 |
955 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); | 1002 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); |
956 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 1003 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
957 SSLErrorHandler::HANDLE_ALL, 1); | 1004 SSLErrorHandler::HANDLE_ALL, 1); |
958 histograms.ExpectBucketCount( | 1005 histograms.ExpectBucketCount( |
959 SSLErrorHandler::GetHistogramNameForTesting(), | 1006 SSLErrorHandler::GetHistogramNameForTesting(), |
960 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 1007 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
961 } | 1008 } |
962 | 1009 |
963 #endif // BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) | 1010 #endif // BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
OLD | NEW |